Two Bluetooth Panic Buttons Ironically Left Users More Vulnerable to Tracking

Personal safety devices like panic buttons shouldn’t be susceptible to hackers or stalkers, and yet researchers have discovered that two products on the market—the Wearsafe and Revolar devices—had weak security measures in place.

Mark Loveless, a researcher at Duo, outlined the security vulnerabilities of these two devices in a blog post on Wednesday. Wearsafe and Revolar are two personal security wearables designed to help keep users safe with the press of a button. But according to Loveless, both panic buttons can be tracked with a cheap antenna, and the Wearsafe device was vulnerable to a denial-of-service attack, meaning it could be remotely rendered unusable.

When the phone wasn’t connected to the device via Bluetooth, Loveless was able to inundate the Wearsafe panic button with Bluetooth connections, which locked up the device. In order to reactivate it, the owner would have to take out the battery and then put back in. The Revolar wearable was not vulnerable to this type of attack, Loveless found.

The Wearsafe device—described as the “Global IoT Solution for Personal Safety”—can be tracked with a free scanner app if you are nearby, said Loveless. But the researcher noted that if you shell out around $50 (£35) for a bigger antenna, you could track the device from a quarter of a mile away or farther.

The Revolar device, advertised alongside the language, “Everyone deserves to feel safe,” is a bit more difficult to detect, according to the study. Unlike the Wearsafe device, someone couldn’t simply use a free app or antenna to scan for the device, said Loveless. But since the Bluetooth-enabled device is simply named “Revolar” by default, it’s detectable while it is communicating with a connected phone. However, as Loveless noted, this only happens for about 30 seconds every hour.

Loveless said that he contacted both Wearsafe and Revolar—the former addressed the security vulnerabilities, while the latter apparently did not respond. We have reached out to both companies for comment.

There’s a troubling irony in finding security vulnerabilities in these personal safety devices. A device that should, say, help someone fend off a stalker should not ultimately leave users in a more vulnerable position. [ZDNet]